{"id":"JLSEC-2025-99","summary":"A flaw was found in libssh, a library that implements the SSH protocol","details":"A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.","modified":"2025-11-25T22:13:15.534865Z","published":"2025-10-19T18:40:48.457Z","upstream":["CVE-2025-8114"],"database_specific":{"license":"CC-BY-4.0","sources":[{"id":"CVE-2025-8114","url":"https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-8114","html_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-8114","imported":"2025-11-25T21:57:29.296Z","published":"2025-07-24T15:15:27.117Z","modified":"2025-11-17T21:15:58.530Z"}]},"references":[{"type":"WEB","url":"https://access.redhat.com/security/cve/CVE-2025-8114"},{"type":"WEB","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2383220"},{"type":"WEB","url":"https://git.libssh.org/projects/libssh.git/commit/?id=53ac23ded4cb2c5463f6c4cd1525331bd578812d"},{"type":"WEB","url":"https://git.libssh.org/projects/libssh.git/commit/?id=65f363c9"},{"type":"WEB","url":"https://www.libssh.org/security/advisories/CVE-2025-8114.txt"}],"affected":[{"package":{"name":"libssh_jll","ecosystem":"Julia","purl":"pkg:julia/libssh_jll?uuid=a8d4f100-aa25-5708-be18-96e0805c2c9d"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.11.3+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2025/JLSEC-2025-99.json"}}],"schema_version":"1.7.3"}